[
https://issues.apache.org/jira/browse/OWB-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Struberg resolved OWB-1396.
--------------------------------
Resolution: Fixed
> upgrade to log4j2 2.15.0
> ------------------------
>
> Key: OWB-1396
> URL: https://issues.apache.org/jira/browse/OWB-1396
> Project: OpenWebBeans
> Issue Type: Task
> Components: Core
> Affects Versions: 2.0.24
> Reporter: Mark Struberg
> Assignee: Mark Struberg
> Priority: Minor
> Fix For: 2.0.25
>
>
> We gonna bump our log4j 2 version to the CVE free 2.15.0.
> Note that we did not ship this but only used it as a provided compile time
> dependency for compiling our optional log4j2 support against it! So this is
> not strictly a CVE related issue but just to make sure we don't get too many
> reports that we are using an evil version.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
